KR101134059B1 - Authentication method, system, server, and client - Google Patents

Abstract

The authentication method is disclosed. The method uses the server to generate a trigger message using the trigger message random number, the server sends the trigger message to the client, the client extracts the trigger message random number, and after the client determines that the trigger message random number is valid. Generating a digest using the trigger message random number, and authenticating the trigger message generated using the trigger message random number, after the client has successfully authenticated, sends a session request including the session ID to the server indicated by the trigger message. Shipping to. It provides a corresponding system, server and client. According to the present invention, more secure authentication processing is possible through the client and the server based on the DS or DM protocol.

Description

Authentication method, system, server, and client {AUTHENTICATION METHOD, SYSTEM, SERVER, AND CLIENT}

TECHNICAL FIELD The present invention relates to the field of communications technologies, and in particular, to an authentication method, a system, a server, and a client based on a Data Synchronization (DS) protocol and a Device Management (DM) protocol.

delete

delete

SyncML (Synchronization Markup Language) is a protocol developed to synchronize personal information and intra-enterprise data between multiple platforms and networks. The SyncML protocol defines a set of operations between participating entities and a set of message formats for performing these operations. Based on this SyncML, the Open Mobile Alliance (OMA) is developing the DC protocol and DM protocol.

The DS protocol can synchronize personal information and corporate integrated data across multiple platforms and networks. The DS protocol generally applies to data synchronization between a mobile device or application and a network, or data synchronization between two personal computers (PCs).

The DM protocol downloads management instruction data from the network to the client and allows the client to execute management instructions that automatically upgrade, configure, and diagnose its software and hardware. It is a remote management solution that can reduce costs. The DM protocol transfers service information required by an operator and information about the client's functions from the client to the server, and supports operation of other services.

Similar security authentication mechanisms can be applied to the DS and DM protocols to effectively authenticate servers and clients. This is shown in FIG.

Step 101: The server sends a trigger message to the client to trigger a session.

This trigger message contains the digest created using the server random number (s_nonce) and the trigger information (TriggerInfo). The trigger message may be included in a short message or other push message.

s_nonce is a random number created by the client and available to the server.

Step 102: The client sends a session request to the server.

After receiving the trigger message, the client uses the stored s_nonce to generate digest information and to authenticate the trigger message. If authentication succeeds, the client sends a session request to the server to initiate the session.

The session request includes a session ID and a client's authentication information. The authentication information is a digest made using the client random number (c_nonce).

c_nonce is created by the server and available to clients.

In step 102, a session connection is established between a client and a server.

Step 103: The server returns a response containing the authentication result and the authentication request.

The server authenticates the client according to the authentication information sent by the client and returns a response including the authentication result and the server authentication request.

More specifically, this response includes the SessionID and the server's authentication information (ie, a Digest made using s_nonce) as a result of the server authenticating the client.

Step 104: The client returns a message containing the authentication result to the server.

The client authenticates the server according to the authentication information sent by the server, and returns a message containing the authentication result to the server.

More specifically, this message includes the result of the client authenticating the server and other relevant information.

If the server fails to authenticate to the client, or if the client fails to authenticate to the server, for example if the password is incorrect or the nonce value is incorrect, the server or client will ask the other party to re-authenticate. ) You can send the request directly.

If the server knows that the s_nonce used in the trigger message is incorrect, for example, if the server does not receive a normal response from the client after repeatedly sending a trigger message, the server determines that s_nonce is not correct, and thus the default random number. Create a digest of the trigger message with the value "0x00000000". After failing to authenticate the trigger according to the Digest created using s_nonce, the client generates a Digest using the default nonce and then authenticates the trigger message again. If authentication succeeds, a default random value is used to authenticate the server and client and update s_nonce and c_nonce. The update process is shown in FIG.

Step 201: The server sends a trigger message to the client to trigger the session.

After the server determines that the previous s_nonce is incorrect, it generates a trigger message and sends it to the client using the default random value. The trigger message contains the digest and TriggerInfo created using the default random value.

Step 202: The client authenticates that the trigger message has failed, and reauthenticates using the default random value.

After receiving the trigger message, the client authenticates the trigger message using the stored s_nonce. If authentication fails for some reason, the client reauthenticates the trigger message using the default random value.

If authentication succeeds, it indicates that the s_nonce previously used by the server was incorrect, and the client sends a session request to the server.

Step 203: The client sends a session request to the server.

The client uses the default random value to send a session request to the server to initiate the session after authentication succeeds.

The session request contains a digest created using the SessionID and the default random value.

Step 204: The server returns a response including the authentication result, the authentication request, and a command to update c_nonce.

The server authenticates the client using the default random value and returns a response back to the client containing the authentication result and the authentication request.

More specifically, this response includes the client's authentication of the client, a command to update c_nonce, and a digest generated using the default random value.

Step 205: The client returns a message to the server containing the authentication result and a command to update c_nonce.

The client authenticates the server using the default random value. If authentication succeeds, after updating c_nonce, the client returns a message to the server containing the authentication result and a command for updating c_nonce.

Step 206: The server returns an update result of s_nonce to the client.

In the course of the development of the present invention, the inventors have found the following problems in the prior art.

The default random value is used to authenticate if s_nonce is incorrect. The default random value is a fixed, constant value that is publicly available. A malicious server can attack a server or client by intercepting a message that uses the default random value and sending the message repeatedly.

Conventionally, two random number values: s_nonce and c_nonce are used in one session, which are generated and updated by the server and the client, respectively, and thus the burden of managing the client and the server is high.

An embodiment of the present invention provides an authentication method based on a DS protocol or a DM protocol for optimizing authentication processing performed between a client and a server based on a data synchronization (DS) protocol or a device management (DM) protocol. Provides a system, server, and client.

According to an embodiment of the present invention, the authentication method based on the DS or DM protocol,

The server generating a trigger message using a trigger message nonce and sending the generated trigger message to the client, so that the client can extract the trigger message random number;

After determining that the trigger message random number is valid, generating a digest using the trigger message random number, and authenticating the generated trigger message using the trigger message random number; And

After the authentication succeeds, sending a session request including the session ID to the server indicated by the trigger message.

According to an embodiment of the present invention, another authentication method based on a DS or DM protocol is provided.

Determining, by the client, that an update is needed for the server random number;

By generating a new server random number, adding the new server random number generated to the session request, and sending it to the server in the session request, after the server receives the session request containing the new server random number, using the new server random number, And updating the stored server random number.

delete

delete

delete

delete

According to an embodiment of the present invention, another authentication method based on the DS and DM protocols is

The client sending a session request generated to the server using the default random number;

If the server determines that it is necessary to use the default random number to authenticate the session request after receiving the session request, the server uses the default random number to authenticate the session request, and after successful authentication of the session request, to the client, the authentication result, Returning a response including an authentication request generated using the default random number and a command to update the client random number;

If the client receives the response and determines that it needs to use a default random number to authenticate the response, it authenticates the response using the default random number, and after the client succeeds in authenticating the response, the authentication result and the server Returning a response to the server that includes a command to update the random number.

According to an embodiment of the present invention, another authentication method based on the DS and DM protocols is

Receiving a trigger message sent by the client by the server and generated using a default random number, session ID, or trigger message ID;

After the client receives the trigger message, the server uses the server random number to authenticate the trigger message, and if the client fails to authenticate the trigger message, the client uses the default random number, session ID, or trigger message ID to generate the trigger message. Authenticating, the client generating a session request by using the client random number after authentication succeeds, and causing the client to authenticate the client using the client random number by sending the session request to the server. do.

delete

delete

delete

Server according to an embodiment of the present invention,

A first generating unit configured to generate a trigger message that is compatible with a Data Synchronization (DS) protocol or a Device Management (DM) protocol using a trigger message random number; And

By sending a trigger message generated using a trigger message random number to the client, causing the client to extract the trigger message, and after determining that the trigger message random number is valid, authenticating the generated trigger message using the trigger message random number, And after the authentication for the trigger message succeeds, a sending unit configured to send a session request to the server indicated by the trigger message.

A client according to an embodiment of the present invention,

A receiving unit, generated by the server using a trigger message random number, adapted to receive a trigger message that is compatible with a Data Synchronization (DS) protocol or a Device Management (DM) protocol; And

Extract the trigger message random number, generate a digest using the trigger message ordinal number, and after the trigger message random number is determined to be valid, use the trigger message random number to authenticate the generated trigger message, and after authentication is successful, And a first authentication unit adapted to send the session request to the server indicated by the.

delete

delete

delete

Another client according to an embodiment of the present invention,

A receiving unit, generated by the server using a default trigger message random number, adapted to receive a trigger message that is compatible with a Data Synchronization (DS) protocol or a Device Management (DM) protocol; And

After receiving the trigger message, the server random number is used to authenticate the trigger message, if authentication fails, the default random number is used to reauthenticate the trigger message, and if authentication is successful, the client random number is used to generate the session request. And a generating unit for sending the generated session request to the server, which causes the server to authenticate the client using the client random number.

The above technical solutions effectively improve the safety of the system.

delete

delete

delete

delete

delete

delete

According to the technical solution of the present invention, instead of the conventional s_nonce and c_nonce, the server and the client share a random number in the session process to perform authentication between the client and the server, thereby effectively burdening the system. I can alleviate it.

1 is a flowchart showing a conventional authentication method.
2 is a flow chart illustrating using default random number values and updating s_nonce and c_nonce for conventional authentication.
3 is a flowchart of an authentication method according to the first embodiment of the present invention.
4 shows the structure of a message format after adding a random number value.
FIG. 5 is a flowchart showing an authentication method when s_nonce is incorrect in the first embodiment of the present invention.
6 is a flowchart showing an authentication method according to the second embodiment of the present invention.
7 is a flowchart showing an authentication method according to the fourth embodiment of the present invention.
8 is a flowchart showing an authentication method according to the fifth embodiment of the present invention.
9 is a flowchart showing an authentication method according to the sixth embodiment of the present invention.
10 shows a status response message format including a new s_nonce according to the seventh embodiment of the present invention.
11 is a flowchart showing an authentication method according to the eighth embodiment of the present invention.
12 is a flowchart showing an authentication method according to the ninth embodiment of the present invention.
13 is a flowchart showing an authentication method according to the tenth embodiment of the present invention.
14 shows a structure of an authentication system according to a first embodiment of the present invention.
15 shows a structure of a client according to the first embodiment of the present invention.
16 shows the structure of a client according to a second embodiment of the present invention.
17 shows the structure of an authentication system according to a second embodiment of the present invention.

Embodiments of the present invention provide an authentication that can optimize an authentication process performed between a client and a server based on a data synchronization protocol (DS) and a device management (DM) protocol. Provides methods, systems, servers, and clients.

The security mechanism applied to message authentication in the aforementioned session is an application layer security mechanism.

In the authentication method according to the first embodiment of the present invention, the server generates a random number for the trigger message, which is different from s_nonce (server random number) and c_nonce (client random number), and can be used for the trigger message. It is. This random number may be referred to as a trigger message random number. The server uses this random number to generate authentication information and sends a new random number and authentication information to the client along with a trigger message. The client uses this new random number to authenticate the trigger message.

As shown in FIG. 3, the authentication method according to the first embodiment of the present invention includes the following steps.

Step 301: The server sends a trigger message to the client. This message contains a trigger message nonce.

Before sending a trigger message, the server generates a trigger message random number, uses the generated random number to generate a digest, and then uses Digest to generate a trigger message.

In this embodiment, there are three ways to use the trigger message random number.

(1) When the server generates a trigger message, it adds Ts to the trigger message by using its system time Ts as the trigger message random number. Thereafter, after receiving the trigger message, the client may compare the system time Ts with the local time Tc to determine the validity of the random number. For random numbers, its validity is generally called the freshness of random numbers. Fresh nonce is valid and random without it is invalid.

After receiving the trigger message, the client calculates the difference value of Ts and Tc, that is, | Ts-Tc |. If | Ts-Tc | is less than the predetermined threshold "Diff", the trigger message random number is valid. If | Ts-Tc | is not less than the predetermined threshold "Diff", the trigger message random number is invalid.

The threshold Diff is typically set on the client side and can be an empirical value determined by the network condition. Since the mobile network itself is not stable, there may be a delay in the transmission of trigger messages. If you make the threshold too small, you increase the likelihood that the trigger message random number will not be valid. If you make the threshold too large, the client will send a message if the malicious server intercepts the trigger message and repeatedly sends the message to the client. Is considered valid information and will handle this message while | Ts-Tc | is within the threshold range.

(2) Before generating the trigger message, the server first generates a session ID for the trigger message according to a predetermined rule. This rule can be used to derive the previous session ID from the current session ID. The session ID acts as a trigger message random number. The server uses this random number to create a Digest and uses Digest to generate a trigger message.

After the client receives the trigger message, the client extracts the session ID of the session to be triggered by the trigger message and uses the extracted session ID, server ID, server password, and other fields of the trigger message to digest the message. Create (Digest). After successful authentication, the client sends a session request for establishing a session corresponding to the session ID. The server identifies the session by extracting the session ID from the session request.

In addition, after the client extracts the session ID of the session to be triggered by the trigger message, the client may infer timeliness of the session ID according to the encoding rule of the session ID. Alternatively, the client may store the session ID used and compare the session ID of the trigger message with the stored session ID to determine timeliness.

In this way, the session ID may be replaced with a trigger message ID (Notification ID: NotificationID). This trigger message ID associates the trigger message processing result returned by the client with the trigger message.

(3) When generating a trigger message, the server numbers each trigger message and uses this number as a dedicated trigger message random number. The server generates a digest using a random number, and generates a trigger message using the digest.

Numbering can be in ascending or descending order. After receiving the trigger message, the client compares the random number included in the message with the stored random number. If the numbers are in ascending order, if the new random number is larger, the random number is valid. Otherwise, if the random number is small, the random number is invalid. If the number is in descending order, the new random number is smaller, the random number is valid, otherwise it is invalid.

If the client determines that the new random number is valid and authentication to the server is successful, the client stores the new random number and uses it for comparison with the next trigger message random number.

In this method, if the malicious server attacks the client by intercepting the trigger message and sending the message repeatedly to the client, all malicious messages are invalid because the random number used by the trigger message is recorded. It can be determined that it is not, and the attack from the malicious server can be prevented.

In addition, if the mobile network becomes unstable and later sent messages arrive at the client first, the client can validate valid messages because trigger messages sent by the server, which will be used for multiple sessions, can arrive at the client in the changed order. You will be mistaken for a message you haven't.

For example, if the server sent three trigger messages in succession for three different sessions, the trigger message random numbers used by the three trigger messages are 30, 31, and 32, respectively. However, the mobile network is unstable, so the client first receives a trigger message with a random number of 32. Thus, the client determines that this message is valid and records this random number. When the other two trigger messages arrive at the client, the client compares these random numbers with the recorded random numbers, because these random numbers have a value less than the recorded random numbers, so the client incorrectly determines that the message is invalid.

For this problem, the embodiment of the present invention proposes the following three solutions.

Solution 1: The client stores all trigger message random values or the most recently received trigger message random number and compares the trigger message random number determined to be valid with the stored random number. If the trigger message random number is not equal to the stored random number, the client determines that the random number is valid and stores the random number.

If the storage space is limited, the storage space is set, and when the amount of stored random numbers reaches the upper limit, the minimum stored random number is deleted.

Solution 2: If the trigger message random values are numbered in ascending order, the client stores the maximum number of random numbers received and all or some random values less than the current maximum value and never received, and the trigger message is determined to be valid. The random number is compared with the stored random number, and if the random number is not equal to the stored random value, the random number is determined to be valid and stored. If the trigger message random values are numbered in descending order, the client stores the minimum random number received and all or some random values less than the current minimum and not received, and the trigger message random number determined to be valid is stored with the stored random value. In comparison, if the random number is not equal to the stored random number value, the random number is determined to be valid and stored.

For example, assume that the initial value is 1, the numbering method is in ascending order, and the client receives these trigger message random values 1, 2, 4, 5, and 7 in order. In this case, the client records the maximum random number " 7 " and the random number values " 3 " and " 6 " When the client receives the trigger message random number "6", it compares "6" with the maximum random number "7". Since 6 is less than 7, this random number is invalid. The client then compares "6" with "3" and "6" and finds that there is the same value. The client determines that this trigger message random number is valid and deletes the recorded "6". If the numbering method is in descending order, the judgment method is similar, and thus the description is not repeated.

Solution 3: If the trigger message random number is numbered in ascending order, the client stores the maximum random number and considers all trigger messages with a random number less than the stored maximum random number to be valid. If the trigger message random value is numbered in descending order, the client stores the maximum random number and considers all trigger messages with a random number greater than the stored maximum random number to be invalid. If the server does not receive a response from the client within a predetermined period of time, the server generates a new random number according to the numbering rule and sends a trigger message containing the new random number.

What has been described above is a method of using a trigger message random number according to an embodiment of the present invention.

If a system time or trigger message number is used as the trigger message random number, the trigger message random number may be included in the message body or message header of the trigger message. Taking the message header as an example, as shown in FIG. 4, the message format to which the random number is added includes a digest, a trigger message header (trigger-hdr), and a trigger message body (trigger-body).

The trigger-hdr includes a version, user ui-mode, session initiator, random number, future-use, server identifier length, and Server identifier is included.

In addition, embodiments of the present invention provide two methods of generating a digest using a trigger message random number.

Method 1: H = MD5 hashing function, b64 = Base64 coding function. Digest can be expressed as follows.

Digest = H (B64 (H (server-identifier: password)): nonce: B64 (H (trigger)))

The server-identifier field is the server identifier, the password field is the server password, the random field is the trigger message random number (ie system time (Ts), session ID or trigger message number), The trigger field includes a trigger header (trigger-hdr) or trigger body (trigger-body) of a trigger message.

The client receives the trigger message, determines that the trigger message includes a trigger message random number, and then retrieves a password corresponding to the server from the client management tree. The client uses the found password, server-identifier in the trigger message, a random number, and a trigger to generate a digest and compare the generated digest with the digest contained in the message. As a result of the comparison, if the two digests are the same, authentication is successful, and if they are not the same, authentication fails.

Method 2: H = MD5 hashing function, b64 = Base64 coding function.

Since the trigger message random number is included in the message header or the message body, the random number can be part of the trigger header field and the trigger body field of the trigger message. Therefore, only the trigger header field and the trigger body field need to be used to calculate the digest. The digest can be expressed as

Digest = H (B64 (H (server-identifier: password)): B64 (H (trigger)))

The server-identifier field is a server identifier, the password field is a server password, and the trigger field includes a trigger header or a trigger body of a trigger message.

The client receives the trigger message, determines that the trigger message includes a trigger message random number, and then retrieves a password corresponding to the server from the client management tree. The client uses the found password, the server identifier in the trigger message, and the trigger to generate a digest and compare the generated digest with the digest contained in the message. As a result of the comparison, if the two digests are the same, authentication is successful, and if they are not the same, authentication fails.

Step 302: The client determines that the information is valid, and after successfully authenticating the information, sends a session request to the server.

After receiving the trigger message, the client determines whether the trigger message random number included in the trigger message is valid. This determination method has been described above. If the trigger message random number is determined to be valid, the client retrieves the password corresponding to the server from the client management tree. The client uses the found password, the server identifier in the trigger message, and the trigger to generate a digest and authenticate the trigger message. A detailed authentication method is described in step 301. The authentication method of the client depends on how the digest is created.

After successful authentication, the client sends a session request to the server to start the session.

This session request includes a session ID (SessionID),

Contains authentication information, including digests created using c_nonce.

At this stage, a session connection is established between the client and the server.

Step 303: The server returns a response containing the authentication result and the authentication request.

The server authenticates the client according to the authentication information sent by the client, and returns a response including the authentication result and the authentication request to the client.

More specifically, this response includes authentication information that includes the SessionID and the digest generated using s_nonce as a result of the server authenticating the client.

Step 304: The client returns a message containing the authentication result to the server.

The client authenticates the server according to the authentication information sent by the server, and returns a message containing the authentication result to the server.

More specifically, this message contains the result of the client authenticating the server and other relevant information.

In addition, when the trigger message random number values are numbered in ascending order, as the trigger message increases, the random number value becomes larger. If the trigger message random number values are numbered in descending order, as the trigger message increases, the random number value decreases until it reaches zero. In this case, it is necessary to adjust the random number, for example, it is necessary to adjust the starting point of the count. Embodiments of the present invention provide several ways to adjust random number values as needed.

Method 1: The server periodically updates the account password on the client side. The server and client can automatically reset the random value when the server updates the client's account password.

Method 2: When a random number needs to be adjusted (for example, when a predetermined time is reached or when the count reaches a predetermined value), the server issues a command to reset the random number. This command can be an Alert command. For example,

<Alert>

<CmdID> 1 </ CmdID>

<Data> 1227 </ Data> <!-Random count replacement->

</ Alert>

After adjusting the random number, the server can issue a command to the client to change the account password, thereby preventing interception of the message and attack by the malicious server.

Method 3: Because the server can directly manipulate the client's management tree, it can add nodes to account information in the client management tree, and use the node to retrieve random values received and stored by the client. Can be stored. Nodes can be:

<X> / AppAuth / <X> / SNAAuthCount

Then, when the node needs to be adjusted (e.g., when a predetermined time has been reached or when the count has reached a predetermined value), the server issues a Replace command to the node. An example of the command is:

<Replace>

<CmdID> 4 </ CmdID>

<Item>

<Target>

<LocURI> ./ DMAcc / serverA / AppAuth / 1 / SNAAuthCount </ LocURI>

</ Target>

<Data> 1 </ Data>

</ Item>

</ Replace>

After adjusting the random number, the server can issue a command to change the client's account password, thereby preventing the interception of the message and the attack by the malicious server.

Method 4: When a node needs to be adjusted (eg, when a predetermined time has been reached or when the count has reached a predetermined value), the client sends a replace request to the server. After the client receives an acknowledgment from the server, both parties adjust the random number. Once the mediation is complete, the server can update the client's account password to prevent interception of messages and attacks by malicious servers.

The authentication method according to the first embodiment of the present invention is different from s_nonce and c_nonce, and provides a random number that can be used in a trigger message. When a new session is initiated, the server triggers the session by generating a random number to be dedicated by the trigger message. The client uses a random number to authenticate the trigger message. Even if the server saved s_nonce is not correct, the client can start a session. In this case, if s_nonce and c_nonce are not correct, s_nonce or c_nonce can be authenticated by updating through an interaction.

Taking the incorrect s_nonce as an example, as shown in Fig. 5, the authentication method according to the first embodiment of the present invention includes the following steps.

Step 501: The server sends a trigger message to the client. This message contains a trigger message random number.

Before sending, the server generates a trigger message random number, generates a digest using this random number, and then uses the digest to generate a trigger message.

Step 502: The client determines that the trigger message random number included in the trigger message is valid, authenticates that the message is successful, and then sends a session request to the server.

After receiving the trigger message, the client determines whether the trigger message random number included in the trigger message is valid. The determination method is as described above. If the trigger message random number is determined to be valid, the client searches the client management tree to find a password corresponding to the server. The client uses the found password, the server identifier in the trigger message, and the trigger to generate a digest and authenticate the trigger message. A detailed authentication method is described in step 301. The authentication method of the client depends on how the digest is created.

After authentication succeeds, the client sends a session request to the server to initiate the session.

The session request includes authentication information including a SessionID and a digest generated using c_nonce.

In step 502, a session connection is established between a client and a server.

Step 503: The server returns a response containing the authentication result and the authentication request.

The server authenticates the client according to the authentication information sent by the client, and returns a response including the authentication result and the authentication request to the client.

More specifically, the response includes authentication information including the digest generated by the server as a result of authenticating the client, using the SessionID, and s_nonce.

Step 504: The client authenticates the server using the stored s_nonce but authentication fails.

Step 505: The client sends a challenge message and an s_nonce update message to the server.

Step 506: The server generates authentication information using the new s_nonce and sends an authentication request back to the client.

After receiving the update message, the server updates the stored s_nonce as instructed by the client, generates a new authentication request using the updated s_nonce, and sends the update result and the new authentication request to the server.

Step 507: The client returns a message containing the authentication result to the server.

The client authenticates the server according to the authentication request sent by the server and generated using the updated s_nonce, and then returns a message containing the authentication result to the server.

More specifically, this message includes the result of the client authenticating the server and other relevant information.

In the authentication method according to the first embodiment of the present invention, when a new session is started, the server generates a random number that can be used exclusively in the trigger message to trigger the session. In the authentication method according to the second embodiment of the present invention, only when the server considers s_nonce to be incorrect, it generates a random number that can be used exclusively in a trigger message to trigger a session.

As shown in Fig. 6, the authentication method according to the second embodiment of the present invention includes the following steps.

Step 601: The server sends a trigger message to the client. This message contains s_nonce.

Step 602: The server knows that authentication failed.

If the server does not receive a message returned by the client within a certain period of time, the server assumes that authentication has failed.

Step 603: The server sends a new trigger message to the client. This message contains a trigger message random number.

Before sending, the server generates a trigger message random number, generates a digest using this random number, and then uses the digest to generate a trigger message.

Step 604: The client determines that the trigger message random number included in the trigger message is valid, and after authenticating that the message is successful, sends a session request to the server.

After receiving the trigger message, the client determines whether to authenticate using s_nonce or the trigger message by determining whether the trigger message uses a trigger message random number.

The judgment method is as follows. The client determines whether the trigger message uses a trigger message random number by determining whether the trigger message includes a nonce field. If the trigger message contains a random field, the trigger message is to use the trigger message random number. Alternatively, the client determines whether the trigger message uses a trigger message random number by determining the version field information in the trigger message. This is because the message version indicates whether the message uses a trigger message random number.

After receiving the trigger message, the client determines whether the trigger message random number included in the trigger message is valid. The determination method is as described above. If the trigger message random number is determined to be valid, the client searches the client management tree to find a password corresponding to the server. The client uses the found password, the server identifier in the trigger message, and the trigger to generate a digest and authenticate the trigger message. A detailed authentication method is described in step 301. The authentication method of the client depends on how the digest is created.

After authentication succeeds, the client sends a session request to the server to initiate the session.

The session request includes authentication information including a SessionID and a digest generated using c_nonce.

In step 604, a session connection is established between the client and server.

Step 605: The server returns a response containing the authentication result and the authentication request.

Since step 605 is similar to step 503, it is not redundantly described.

Step 606: The client authenticates the server using the stored s_nonce, but authentication fails.

Step 607: The client sends a message containing a challenge and a new s_nonce to the server.

Step 608: The server returns an update result and a new authentication request to the client.

Since step 608 is similar to step 506, it is not described further.

Step 609: The client returns a message containing the authentication result to the server.

Since step 609 is similar to step 507, it is not described further.

In the authentication method according to the second embodiment of the present invention, if the server considers that s_nonce is not correct, the server generates a random number that can be used exclusively in the trigger message for triggering the session. The client processes the trigger message according to the authentication method of the first embodiment of the present invention. In the authentication method according to the third embodiment of the present invention, the client may determine whether to update the s_nonce by determining whether the trigger message uses a random number available exclusively for the trigger message. If the trigger message uses a random number that can be dedicated to the trigger message, the client can directly use the updated s_nonce for authentication in the session by updating s_nonce directly.

In the authentication methods according to the first and second embodiments of the present invention, if authentication fails, the default random number is not required to realize the authentication, so that the security of the system can be improved.

In the authentication method according to the third embodiment of the present invention, s_nonce and c_nonce are updated according to the prior art, so that the server password and the client password are updated. The updated server password may be different from the server digest generated by using the default random number, thereby preventing a message replay attack against the client. According to the updated client password, the client digest generated by using the default random number is different, thereby preventing the message replay attack on the server, thereby increasing the safety of the system.

In the authentication method according to the fourth embodiment of the present invention, the relevance between the steps is enhanced, so that the safety of the system can be increased because the previous step is used for the authentication of the next step. As shown in Fig. 7, the authentication method includes the following steps.

Step 701: The client receives a trigger message for authenticating the session and authenticates the message.

Step 702: The client authenticates that the trigger message has failed and reauthenticates using the default random number.

Step 703: The client sends a session request to the server. This session request is generated using the default random number.

If authentication performed using the default random number succeeds, the client sends a session request to the server indicated by the trigger message. If the session uses an application layer security mechanism, the message includes authentication information generated using the default random number, and processing proceeds to step 704. If authentication performed using the default random number fails, the client does not initiate any session, ignores the trigger message, and terminates the process.

Step 704: The server authenticates the session request sent by the client.

The server authenticates the session request in two ways:

Method 1: The server generates authentication information for authentication using c_nonce, and if authentication succeeds, performs a normal process according to the prior art. If authentication fails, the server generates authentication information using the default random number and performs authentication again. If authentication succeeds, the server generates a server authentication request using the default random number and proceeds to step 705.

Method 2: If the server determines that the session uses an application layer security mechanism, it sends a trigger message generated to the client using a default random number, which is a trigger message to trigger a session request. Authenticates the session request using the default random number. After the authentication succeeds, the flow proceeds to step 705.

The method of determining whether a session request is triggered by a trigger message is as follows: Each session request has a unique session ID. Compare the session ID included in the session request with the session ID included in the trigger message. If these session IDs are the same, it indicates that the session is triggered by a trigger message.

Determining whether the server has sent a trigger message generated using the default random number to the client and whether the trigger message is a trigger message to trigger a session request can be performed after the session request has been successfully authenticated by the default random number. Can be. If the determination is successful, the flow proceeds to step 705.

The purpose of step 704 is that if a trigger message generated using the default random number and configured to trigger a session has not been sent by the server to the client, but the server has received a session request sent by the client and generated by the default random number, The message indicates that it is not normal or insecure and may be a malicious message sent by a malicious third party and may be discarded. Thus, this step improves the safety of the system.

Step 705: The server returns a response message to the client.

The server returns a response to the client that includes the authentication result, the authentication request, and a command to update c_nonce.

Step 706: The client authenticates the response sent by the server.

If the session uses an application layer security mechanism, the client authenticates to the server using the default random number. The authentication method is as follows. The client uses s_nonce to generate authentication information for use in authentication. If authentication succeeds, the client performs a normal process according to the prior art. If authentication fails, the client generates authentication information using the default random number and performs authentication again. If authentication succeeds, the client updates c_nonce and proceeds to step 707.

As another method of step 706, if the session uses an application layer security mechanism, the client sends a session request generated using the default random number to the server, and the client authenticates to the response sent by the server using the default random number. Is done. After authentication succeeds, the client updates c_nonce and proceeds to step 707.

The step of determining whether the client sends the session request generated using the default random number to the server may be performed after authentication is performed using the default random number. If authentication succeeds, a determination is made. If the determination is successful, the flow proceeds to step 707.

Step 707: The client returns a response to the server.

The client returns a response to the server that includes the authentication result, the c_nonce update result, and a command to update s_nonce.

Step 708: The server returns a result of the s_nonce update to the client.

After completing these steps, you can update the server password, or both the server password and the client password, to prevent replay attacks.

In these steps, the session ID may be used as a random number, or the trigger message ID may be used as a random number instead of the default random number. Thereby, the constant open random number can be avoided and stability can be further improved.

The authentication method according to the third and fourth embodiments of the present invention can effectively improve the safety of the system.

Conventionally, if s_nonce is not accurate and needs to be updated, as shown in steps 203 and 204 of FIG. Because the default random number needs to be used before being updated, the risk is high. When messages are exchanged multiple times in a mobile network, the network becomes overloaded.

In an embodiment of the authentication method of the present invention, a solution for adding a new s_nonce to a session request sent by a client is presented. By doing this, the server can directly update s_nonce and authenticate with the new s_nonce, reducing the number of signal interactions and the use of default random numbers, enhancing the security of the system and reducing the load on the network. I can alleviate it.

As shown in FIG. 8, the authentication method according to the fifth embodiment of the present invention includes the following steps.

Step 801: The client determines that it needs to update s_nonce.

If the client determines that s_nonce has expired or finds that s_nonce stored in the server is different from that stored in the client, it determines that s_nonce should be updated.

The client determines that the s_nonce stored on the server is different from the one stored on the client in the following way.

After receiving the trigger message, the client authenticates the trigger message using the stored s_nonce. If authentication fails for some reason, the client uses the default random number or uses the session ID or trigger message ID as a random number to generate a digest and retry authentication of the trigger message.

If authentication succeeds, the s_nonce previously used by the server is incorrect and indicates that the s_nonce stored on the server is different from that stored on the client.

Step 802: The client sends a session request containing the update information to the server.

After the client determines that it needs to update s_nonce, it creates a new s_nonce, adds this s_nonce to the session request, and then sends the session request to the server, asking the server to initiate a session and update s_nonce. .

The session request includes authentication information including a SessionID, a newly created s_nonce, and a digest created using c_nonce. In this session request, a digest can be created using the default random number, session ID, or trigger message ID as a random number.

The newly generated s_nonce may be included in SyncHdr or SyncBody of the session request (SyncML).

The inclusion method is described below. It is assumed that the newly created s_nonce is included in SyncHdr.

To include s_nonce, change SyncHdr to

SyncHdr (VerDTD, VerProto, SessionID, MsgID, Target, Source, RespURI ?, NoResp ?, Cred ?, Chal ?, Meta?)>

A SyncML message containing s_nonce looks like this:

<SyncML xmlns = 'SYNCML: SYNCML1.2'>

<SyncHdr>

...

<Chal>

<Meta>

<NextNonce xmlns = 'Syncml: metinf'> LG3iZQhhdmKNHg == </ NextNonce>

</ Meta>

</ Chal>

</ SyncHdr>

<SyncBody>

...

</ SyncBody>

</ SyncML>

Step 803: The server returns a response including the authentication result, the update result, and the authentication request.

After receiving the session request, the server authenticates the client using c_nonce and updates the stored s_nonce using the s_nonce in which the update included in the session request is completed. After authentication succeeds and the update is completed, the server generates an authentication request using the updated s_nonce and returns a response to the client that includes the authentication result, the update command, and the authentication request. The server preferably uses c_nonce to authenticate session requests. After successful authentication, the server can update s_nonce to maintain synchronization between the s_nonce stored on the server and the one stored on the client.

More specifically, the response includes authentication information including a result generated by the server authenticating the client, an update result of s_nonce, and a digest generated using the updated s_nonce.

Step 804: The client returns a message containing the authentication result to the server.

The client authenticates to the server using the updated s_nonce. After authentication succeeds, the client returns the authentication result to the server.

In addition, the authentication method according to the fifth embodiment of the present invention can be applied to the authentication method according to the second embodiment of the present invention, thereby reducing the number of signal interactions.

As shown in Fig. 9, the authentication method according to the sixth embodiment of the present invention includes the following steps:

Step 901: The server sends a trigger message to the client. This message contains s_nonce.

Step 902: The server determines that authentication failed.

For example, if a server does not receive a session request from a client within a certain period of time, the server considers the authentication failed.

Step 903: The server sends a trigger message to the client. This message contains a trigger message random number.

Before sending, the server generates a trigger message random number, generates a digest using the generated random number, and generates a trigger message using the digest.

After receiving the trigger message, the client determines whether the trigger message uses a random number that can be used exclusively for the trigger message, and determines that the s_nonce needs to be updated. As a result, the client knows that the trigger message needs to update the s_nonce using a random number that is available exclusively for the trigger message.

The method for determining whether a trigger message uses a random number available exclusively for the trigger message is as follows: The client determines whether the trigger message uses a trigger message random number by determining whether the trigger message includes a random number field. do. That is, if the trigger message includes a random number field, the trigger message is to use the trigger message random number. Alternatively, the client determines whether the trigger message uses the trigger message random number by determining the version field information in the trigger message. This is because the version field indicates whether the message uses a trigger message random number.

If the client finds that the trigger message uses something other than the trigger message random number, it indicates that there is no need to update s_nonce, so it performs the normal processing.

Step 905: The client sends a session request containing the update information to the server.

When the client receives the trigger message and determines that the trigger message uses a trigger message random number that is available exclusively for the trigger message, the client determines whether the trigger message random number included in the trigger message is valid. The determination method is as described above. If the trigger message random number is determined to be valid, the client searches the client management tree to find a password corresponding to the server. The client uses the found password, server identifier, and trigger to generate a digest and authenticate the trigger message. A detailed authentication method is described in step 301. The authentication method of the client depends on how the digest is created.

After successful authentication of the trigger message, the client creates a new s_nonce, adds the generated s_nonce to the session request, and sends a session request containing update information to the server, which causes the server to initiate a session and update the s_nonce. Ask.

The session request includes authentication information including a SessionID, an updated s_nonce, and a digest generated using c_nonce.

The newly created s_nonce may be included in SyncHdr or SyncBody of the session request.

Step 906: The server returns a response including the authentication result, the update result, and the authentication request.

After receiving the session request, the server authenticates the client using c_nonce and updates the stored s_nonce using the updated s_nonce included in the session request. After authentication succeeds and the update is completed, the server generates an authentication request using the updated s_nonce and returns a response back to the client that includes the authentication result, the update result, and the authentication request.

More specifically, the response includes authentication information including a result of the server authenticating the client, an update result of s_nonce, and a digest generated using s_nonce.

Step 907: The client returns a message containing the authentication result to the server.

The client authenticates to the server using the updated s_nonce. After authentication succeeds, the client returns the authentication result to the server.

More specifically, this message includes the result of authenticating the server and other relevant information.

Conventionally, the client has not started a session after successful authentication with the server. In this case, if the client determines that s_nonce has expired or is not correct, it is impossible to update s_nonce or maintain s_nonce effectively.

Thus, the authentication method according to the seventh embodiment of the present invention provides a corresponding solution.

In the authentication method according to the seventh embodiment of the present invention, after the client determines that the authentication with the server is successful and does not start the session, the client sends a state response to the server. If the client determines that s_nonce has expired or is inconsistent with the s_nonce stored on the server, the client creates a new s_nonce and adds the new s_nonce to the status response. The client computes the digest using c_nonce, the client's username and password, and the response message body. Thus, after receiving the status response, the server can authenticate the information according to the digest computed using c_nonce, the username and password of the client, and the response message body. After authentication succeeds, the server updates the stored s_nonce according to the new s_nonce included in the status response.

As shown in FIG. 10, the status response with the new s_nonce includes a digest, a notification header (notification-hdr), and a notification-body.

The notification header includes the version, state-code, notification ID, new next-nonce, future-use, session ID (SessionID), length of authentication ID (length-authname), and authentication ID. (authname) is included.

NextNonce is a new s_nonce (server random number).

Conventionally, if s_nonce is not correct, s_nonce and c_nonce are not used again, and the client and server generate authentication information using the default random number. Thus, a malicious server can intercept arbitrary messages and attack the server or client.

s_nonce is different from c_nonce, which is generated by the server and the client respectively, and can be used for the other side. Thus, if one of them fails, the other is not affected. In the authentication methods according to the eighth and ninth embodiments of the present invention, when there is an error in s_nonce, a solution for separately updating s_nonce is provided.

An error in s_nonce is as follows: The client has either an s-nonce expired or an error in the s_nonce stored on the server. This is the case.

To determine the consistency and synchronization between s_nonce stored on the server and s_nonce stored on the client, you can do the following: After the server sends a trigger message using s_nonce, the server does not receive a response from the client within a specific period of time. Not; Or the client finds that the trigger message sent by the server contains a digest generated using the default random number; Or if the client finds that there is no random number used in the trigger message sent by the server.

After discovering an error in s_nonce and authenticating to the server, the client initiates a session request. In the session request, authentication information for authenticating the client is generated using c_nonce, or the default authentication mode (ie username and password) is applied, and s_nonce is further updated.

According to the authentication method of the seventh and eighth embodiments of the present invention, two methods for updating s_nonce are provided.

In an eighth embodiment, the server generates a trigger message using the default random number. As shown in FIG. 11, the authentication method includes the following steps:

Step 1101: The server sends a trigger message to the client to trigger the session.

After determining that the previous s_nonce is incorrect, the server generates a trigger message using the default random number and sends it to the client. This trigger message contains digests generated using default random numbers, trigger information, and other related information.

Step 1102: The client fails to authenticate the trigger message and re-authenticate using the default random number.

After receiving the trigger message, the client uses the stored s_nonce to create a digest and authenticate the trigger message. If authentication fails for some reason, the client generates a digest using the default random number and reauthenticates the trigger message.

If authentication succeeds, the s_nonce previously used by the server is incorrect and indicates that the s_nonce stored on the server is different from that stored on the client.

Step 1103: The client sends a session request including update information to the server.

After successful authentication of the trigger message using the default random number, the client creates a new s_nonce, adds it to the session request, and sends a session request to the server that contains the update information, allowing the server to initiate the session and update the s_nonce. Ask.

This session request contains authentication information including the session ID, updated s_nonce, and digest generated using c_nonce.

In the above step, the session ID may act as a random number, or the trigger message ID may be used as a random number instead of the default random number, thereby avoiding fixed constant public random numbers and achieving higher safety.

Since the method of adding the updated s_nonce to the session request is basically the same as that of the third and fourth embodiments, the description thereof will not be repeated.

Step 1104: The server returns a response including the authentication result, the update result, and the authentication request.

After receiving the session request, the server authenticates the client with c_nonce and updates the stored s_nonce using the updated s_nonce of the session request. After authentication succeeds and the update is completed, the server generates an authentication request using the updated s_nonce and returns a response back to the client that includes the authentication result, the update result, and the authentication request.

More specifically, the response includes authentication information including a result of the server authenticating the client, an update result of s_nonce, and a digest generated using the updated s_nonce.

Step 1105: The client returns a message containing the authentication result to the server.

The client uses the updated s_nonce to authenticate the server. After authentication succeeds, the client returns the authentication result to the server.

In the ninth embodiment, the server generates a trigger message using the default random number, but the session request does not include update information. As shown in FIG. 12, the authentication method includes the following steps:

Step 1201: The server sends a trigger message to the client to trigger the session.

After determining that the previous s_nonce is incorrect, the server generates a trigger message using the default random number and sends it to the client. Trigger messages include digests created using default random numbers, trigger information, and other related information.

Step 1202: The client fails to authenticate the trigger message and re-authenticates using the default random number.

After receiving the trigger message, the client uses the stored s_nonce to create a digest and authenticate the trigger message. If authentication fails for some reason, the client generates a digest using the default random number and reauthenticates the trigger message.

If authentication succeeds, the s_nonce previously used by the server is incorrect and indicates that the s_nonce stored on the server is different from that stored on the client.

Step 1203: After authenticating the client with the information, send a session request to the server.

After authentication succeeds, the client sends a session request to the server to initiate the session.

The session request includes authentication information including the digest generated using the session ID, c_nonc.

In step 1203, a session connection is established between the client and the server.

Step 1204: The server returns a response containing the authentication result and the authentication request.

According to the authentication information sent by the client, the server authenticates the client. After authentication succeeds, the server generates authentication information using the default random number and returns a response back to the client that includes the authentication result and the authentication request.

More specifically, the response includes authentication information including the digest generated by the server as a result of authenticating the client using the session ID and the default random number.

Step 1205: The client returns an update command and an authentication result to the server.

The client authenticates the server using the default random number. After authentication succeeds, the client creates a new s_nonce and sends a command to the server to update the s_nonce.

Step 1206: The server returns an update result to the client.

After receiving the update message, the server updates the stored s_nonce according to the client's instructions and returns the update result to the client.

In this step, by using the session ID as a random number or by using the trigger message ID as a random number instead of the default random number, it is possible to avoid constant public random numbers and improve safety.

In this case, the server password can be updated to improve the reliability of the system.

In another embodiment, the server generates a trigger message using the default random number, but the session request does not include the default random number. The authentication method includes the following steps.

After determining that the previous s_nonce is incorrect, the server generates a trigger message using the default random number or using the session ID or trigger message ID as a random number, and sends this message to the client. The trigger message includes a digest generated using a default random number, session ID, or trigger message ID, trigger information, and other related information.

After receiving the trigger message, the client uses the stored s_nonce to create a digest and authenticate the trigger message. If authentication fails for some reason, the client uses the default random number or generates a digest using the session ID or trigger message ID as a random number and reauthenticates the trigger message. If authentication succeeds, the client sends a session request to the server to initiate the session. The session request includes authentication information including a session ID and a digest generated using c_nonce.

The server uses c_nonce to authenticate session requests. If authentication fails, the server sends a query message to update c_nonce and request reauthentication. If authentication succeeds, the server sends an authentication request generated using s_nonce, and the client authenticates using s_nonce. If authentication fails, the client can send a query message to update s_nonce and request reauthentication. After authentication succeeds, the client returns a result.

Also at this stage, the client can add the updated s_nonce to the session request and send this request to the server. Authentication requests sent by the server use the new s_nonce.

As described above, if there is an error in s_nonce, only the s_nonce is updated and the c_nonce is not updated. If the system handles an s_nonce error, use the default random number, because the c_nonce does not need to be updated, even if the system uses the default random number or authenticates using the session ID or trigger message ID as a random number. By reducing the number of times of use or the number of times of using the session ID or the trigger message ID as random numbers, the safety of the system can be improved.

Conventionally, since s_nonce and c_nonce used in the session are generated and updated by the client and the server, respectively, the management load of the client and the server becomes heavier.

In the tenth embodiment of the present invention, one random number is used in the session to replace the conventional s_nonce and c_nonce, and authentication is performed between the client and the server. Because the session is secured by a transmission layer security mechanism or an application layer security mechanism, the random number can be used to implement authentication between the client and server.

The server or client can generate random numbers. Assuming that the server generates a random number, the authentication method of the tenth embodiment of the present invention will be described.

According to a tenth embodiment, two methods for updating random numbers are provided.

Method 1: The server updates random numbers

First, the server issues a random update command (NextNonce). The random number update command includes a new random number.

After receiving the random number update command, the client updates the stored random number using the new random number included in the random number update command.

The update command may be included in the authentication message. In other words, this message includes an update command and server authentication information. The update command may be included in other management messages. That is, this message does not contain server authentication information. When the update command is included in the authentication message, the client, after receiving the message, updates the random number according to the random number update command, generates a digest using the updated random number, and authenticates the information. Authentication succeeds In this case, if the malicious server intercepts the message, the malicious server can launch a replay attack on the client at any time. To prevent this attack, if a random number update command is included in the authentication message, the client authenticates the information using a digest generated using an unupdated random number. After receiving the message, the client authenticates using the digest generated using the non-updated random number. After authentication succeeds, the client updates the stored random number according to the random number update command. If another management message contains a random number update command, there is no risk of a replay attack because the message containing the new random number and the other message containing the authentication information are sent to the other side separately.

As shown in Fig. 13, assuming that this response is included in the random number update command, the following processing is performed.

Step 1301: The server sends a trigger message to the client to trigger the session.

The trigger message contains digest and trigger information generated using a shared nonce.

Shared random numbers are generated by the server and can be used by both servers and clients.

In practice, the shared random number in this step may be a trigger message random number or a default random number. Although the server may not use a random number, the server ID and password are used to generate a trigger message to trigger the session, so the client can authenticate the trigger message by generating a digest using the server ID and password. .

Step 1302: The client sends a session request to the server.

After receiving the trigger message, the client uses the stored s_nonce to generate a digest and authenticate the trigger message. If authentication succeeds, the client sends a session request to the server to initiate the session.

The session request includes authentication information including a session ID and a digest generated using a shared random number.

In this step, a session connection is established between the client and the server.

Step 1303: The server returns a response containing the authentication result and the authentication request, the response including a random number update command.

The server authenticates the client in accordance with the authentication information sent by the client. If authentication succeeds, the server determines that it must update the shared random number, generates a new shared random number, and returns a response including the authentication result and the authentication request to the client. This response contains a random number update command.

More specifically, the response includes a session ID, authentication information including a digest generated using a random number that has not been updated, as a result of the server authenticating the client, and a random number update command containing the new random number.

Step 1304: After receiving the response, the client authenticates the message using the random number that is not updated.

Step 1305: If authentication succeeds, the client uses the new random number included in the random number update command to update the stored shared random number, as indicated in the random number update command.

Step 1306: The client returns a message containing the authentication result and the update result to the server.

More specifically, this message includes the result of the client authenticating the server, the result of updating the shared random number, and other relevant information.

The server and client can define different validity periods of shared random numbers. If the server determines that the shared random number is valid, the validity period of the shared random number may expire for the client. Therefore, in order to maintain the validity of the shared random number for the client, the tenth embodiment of the present invention provides a solution in which the client requests the server to update the shared random number.

The client requests the server to update the shared random number using an Alert command among the device management (DM) commands. In order for the server to understand the command, a warning type is added to the command. The warning type is an indication of a request to the server to update a random number.

If the client determines that it needs to update the random number, it sends a request to the server through a warning command to update the shared random number. This request may be included in an authentication message or other management message. When the server receives such a request, the server determines whether to update the random number according to a specific situation.

The type of alert may be defined as org.openmobilealliance.NextNonce.

The following example shows a warning type message.

<Alert>

<CmdID> 2 </ CmdID>

<Data> 1226 </ Data> <!-Generic Alert->

<Item>

<Meta>

<Type xmlns = "syncml: metinf">

org.openmobilealliance.NextNonce

</ Type>

</ Meta>

<Data />

</ Item>

</ Alert>

The way in which the client updates the random number is similar to the way in which the server updates the random number, so it is not repeated.

Method 2: The server and the client update the random number jointly.

If both the server and the client determine that they need to update the shared random number, they can generate a new random number for the update.

Random numbers can be updated with the NextNonce command. An example of the update is shown below.

<Chal>

<Meta>

<NextNonce xmlns = 'syncml: metinf'> LG3iZQhhdmKNHg == </ NextNonce>

</ Meta>

</ Chal>

NextNonce commands can be included in messages during session processing. For example, a client can send a NextNonce command to the server in addition to the session request, requesting the server to update the shared random number, or adding the NextNonce command to another message.

If either the server or the client updates the shared random number, and the update command is included in the authentication message, after the other side receives the message, the other side first updates the random number and then generates a digest using the updated random number. And verify the information. Authentication succeeds In this case, if the malicious server intercepts the message, the malicious server can launch a replay attack on the client at any time. To prevent this attack, if the NextNonce command is included in the authentication message, the other side authenticates the information using a digest generated using an unupdated random number. After the other party successfully authenticates, the other party updates the stored random number according to the NextNonce command. If the other management message includes a random number update command, there is no risk of a replay attack because a message containing the new random number and another message containing authentication information are sent separately to the other side.

In the tenth embodiment of the present invention, the server and the client authenticate using the shared random number. In this case, if there is an error in the shared random number, this error can be handled using the methods described above. In step 803 in the fifth embodiment of the present invention, the message includes a new random number and a digest generated using the new random number. In this case, if the malicious server intercepts the message, the malicious server may initiate a replay attack by repeatedly sending the message to the server or client. Since the server or client cannot identify the message, it determines that the message is valid and performs the corresponding operation. To prevent such attacks, digests can be created using random numbers that are not updated. By doing so, after receiving the message, the server can use the unupdated random number to calculate the digest and authenticate the message sender, i.e. the client, and then update the stored random number according to the NextNonce command.

The tenth embodiment of the present invention effectively reduces the load on the system.

As shown in Fig. 14, the authentication system according to the first embodiment of the present invention includes a server 1410 configured to generate a trigger message using a trigger message random number and to send the generated trigger message; And

Client 1420 configured to receive a trigger message generated using the trigger message random number and to authenticate the trigger message generated using the trigger message random number, ie, validate the trigger message.

The server 1410

A first generating unit 1412 configured to generate a trigger message using the trigger message random number;

A sending unit 1411 for sending a trigger message generated using the trigger message random number;

A second generating unit 1417, adapted to generate a trigger message using the server random number and to send the generated trigger message to the client;

A judging unit 1413 for controlling the first generating unit 1412 to generate a trigger message using the trigger message random number after it is determined that authentication for the trigger message generated using the server random number is successful;

The time unit 1414 is configured to determine the system time of the server when the first generating unit 1412 generates the trigger message using the trigger message random number, and add the system time to the trigger message generated using the trigger message random number. );

A numbering unit 1415, adapted to number the trigger message generated by the first generation unit 1412 using the trigger message random number and to use the number as the trigger message random number;

A random number reset unit 1416, adapted to reset the trigger message random number generated by the numbering unit 1415 as needed; And

By using the session ID of the session triggered by the trigger message as the trigger message random number, the client uses the trigger message random number to authenticate the trigger message after receiving the trigger message, and establishes a session corresponding to the session ID after successful authentication. And a session ID-to-nonce unit 1418, which is configured to send a session request requesting the request.

The numbering unit 1415 is,

An ascending numbering unit 14151 for numbering, in ascending order, the trigger message generated using the trigger message; And

It further includes a descending numbering unit 13152 for numbering, in descending order, the trigger message generated using the trigger message random number.

Client 1420,

A receiving unit 1421 configured to receive a trigger message generated using the trigger message random number;

A first authentication unit 1422 adapted to use the trigger message random number to authenticate the trigger message generated using the trigger message random number, that is, to validate the trigger message generated using the trigger message random number;

A second authentication unit 1425 configured to use the server random number to authenticate the trigger message after receiving the trigger message, and to reauthenticate the trigger message using the trigger message random number if authentication fails;

When the receiving unit 1421 receives the trigger message generated using the trigger message random number, it determines the local time of the client and compares the absolute value of the difference value between the local time and the system time with a predetermined threshold. Thus, if the absolute value is smaller than the predetermined threshold, it is determined that the trigger message random number is valid, and the first authentication unit 1422 authenticates the trigger message generated using the trigger message random number using the trigger message random number. First validity determining unit 1423 that controls

After the receiving unit 1421 receives the trigger message generated using the trigger message random number, and according to the stored trigger message random number, it is determined that the trigger message random number included in the trigger message is valid, the trigger message random number included in the trigger message A second validity determining unit 1424 which controls the first authentication unit 1422 to authenticate the trigger message generated using the trigger message random number, using the trigger message random number; And

Use the session ID of the session triggered by the trigger message as the trigger message random number, use the trigger message random number to authenticate the trigger message, and send a session request requesting the establishment of a session corresponding to the session ID after successful authentication. Session ID-random number unit 1428.

The second validity determination unit 1424

Compare the trigger message random number stored in the client to the trigger message random number contained in the trigger message, if the trigger message random number contained in the trigger message is greater than the maximum trigger message random number stored in the client, or the trigger message random number received and stored by the client. If the value does not include the trigger message random number included in the trigger message, or if the random value that the client did not receive includes the trigger message random number included in the trigger message, the trigger message random number included in the trigger message is valid. A first numbering determination unit 14241 adapted to determine; And

Compare the trigger message random number stored in the client to the trigger message random number contained in the trigger message, if the trigger message random number contained in the trigger message is less than the minimum trigger message random number stored in the client, or the trigger message random number received and stored by the client. If the value does not include the trigger message random number included in the trigger message, or if the random value that the client did not receive includes the trigger message random number included in the trigger message, the trigger message random number included in the trigger message is valid. The second numbering determination unit 14242, which is to be determined, is included.

Since the operation method of the authentication system according to the first embodiment is similar to the operation method of the authentication methods according to the first and second embodiments of the present invention, the description thereof will not be repeated.

According to the authentication system according to the first embodiment of the present invention, when authentication fails, the default random number is not required to perform authentication, so that the security of the system can be improved.

Since the server according to the first embodiment of the present invention is basically the same as the server in the authentication system according to the first embodiment of the present invention, description thereof will not be repeated.

As shown in FIG. 15, the client according to the first embodiment of the present invention

A receiving unit 1501 configured to receive a trigger message sent by the server;

After receiving the trigger message, if it is determined that the server random number needs to be updated, the server generates a new server random number, adds a new server random number to the session request, and sends the session request to the server, thereby generating a new server random number. A first generating unit 1512 for updating the stored server random number using the new server random number after receiving the including session request; And

If you decide not to start a session, and after receiving the trigger message, determine that you need to update the server random number, generate a new server random number, add the new server random number to the status response, and send the status response to the server. By sending, the server includes a second generating unit 1503 that enables the server to update the stored server random number after receiving a status response that includes the new server random number.

Since the operation method of the client according to the first embodiment of the present invention is similar to the operation method of the client in the authentication methods according to the fourth to sixth embodiments of the present invention, the description thereof will not be repeated.

According to the client according to the first embodiment of the present invention, when the s_nonce needs to be updated, the update request is directly included in the session request, thereby reducing the number of signal interactions, reducing the load on the system, and defaulting. The random number can be used to reduce the number of authentications performed and to improve the safety of the system.

As shown in FIG. 16, the client 1600 according to the second embodiment of the present invention

A receiving unit 1601 configured to receive a trigger message sent by the server;

After receiving the trigger message, the server random number is used to authenticate the trigger message; if authentication fails, the default random number is used to authenticate the trigger message; if authentication is successful, the client random number is used to generate the session request, and the session A generating unit 1602, which sends a request to the server so that the server can authenticate the client using the client random number; And

After updating the server random number to the new server random number, the password changing unit 1603 is configured to change the server password and the client password.

Since the operation method of the client according to the second embodiment of the present invention is similar to the operation method of the client in the authentication methods according to the seventh and eighth embodiments of the present invention, it will not be repeated.

According to the client according to the second embodiment of the present invention, when s_nonce needs to be updated, only s_nonce is updated, and c_nonce is not updated. Even if the system uses the default random number for authentication when dealing with errors in s_nonce, c_nonce does not need to be updated, so clients can use c_nonce to generate session requests, reducing the number of default random numbers used, It can improve the safety of the system.

As shown in FIG. 17, the authentication system according to the second embodiment of the present invention includes a server 1710 and a client 1720.

Server 1710,

A trigger unit that generates a trigger message using a random number shared by the server and the client, and sends the trigger message to the client so that the client can use the shared random number to authenticate the trigger message after receiving the trigger message. 1711);

A receiving unit 1712, adapted to receive from the client a session request generated using the shared random number;

An authentication unit 1713 configured to authenticate the session request using the shared random number;

A generation unit 1714 that, after successful authentication of the session request, generates a response using the shared random number and sends the response to the client so that after the client receives the response, the client uses the shared random number to authenticate the response. ;

If you need to generate a shared random number, update the shared random number, create a new shared random number, and send a random update message containing the new shared random number to the client, so that the new shared random number is received after the client receives the random number update message. An update unit 1715, which enables use to update the shared random number; And

If it is determined that the shared random number needs to be updated, by sending a random number update request to the client, after the client receives the random number update request and decides to update the random number, generate a new shared random number and include a new shared random number. A requesting unit 1716 to send the update message.

Client 1720 is,

A receiving unit 1721 configured to receive a trigger message sent by the server and generated using a random number shared by the server and the client;

After receiving the trigger message, a first authentication unit 1722 configured to authenticate the trigger message using the shared random number;

After successful authentication, use the shared random number to generate a session request and send the session request to the server, after the server receives the session request, use the shared random number to authenticate the session request, that is, validate the session request. Generating unit 1723 to cause;

A second authentication unit 1724 configured to authenticate the response using the shared random number after receiving the response generated by the server using the shared random number;

If a shared random number needs to be generated and the shared random number needs to be updated, a new shared random number is generated after the server receives the random number update message by generating a new shared random number and sending a random number update message containing the new shared random number to the server. An update unit 1725 for updating the shared number of times using; And

If it is determined that the shared random number needs to be updated, by sending a random number update request to the server, after the server receives the random number update request and decides to update the random number, it generates a new shared random number and includes the new shared random number. Request unit 1726 for sending a random number update message.

Since the operation method of the authentication system according to the second embodiment of the present invention is similar to the operation method of the authentication method according to the ninth embodiment of the present invention, description thereof will not be repeated.

According to the authentication system according to the second embodiment of the present invention, instead of the conventional s_nonce and c_nonce, the server and the client share a random number during the session processing, and effectively reduce the load on the system by performing authentication between the client and the server. You can.

The server according to the second embodiment of the present invention and the client according to the third embodiment of the present invention are basically the same as those of the server and the client of the authentication system according to the second embodiment of the present invention. .

Those skilled in the art will appreciate that some or all of the steps of the embodiments described above may be implemented in hardware dictated by a computer program. Such a program can be stored in a computer-readable storage medium. The storage medium may be a read-only memory (ROM), a magnetic disk, or a compact disk (CD).

The above description is an authentication method, system, server and client based on DS protocol or DM protocol. While the present invention has been described with reference to several embodiments, the present invention is not limited to these embodiments. Those skilled in the art will appreciate that various modifications and changes can be made without departing from the scope of the present invention. It includes modifications and variations that fall within the scope of protection defined by the claims of the present invention or equivalents thereof.

Claims (36)

An authentication method based on the Data Synchronization (DS) protocol or the Device Management (DM) protocol.
Generating, by the server, a trigger message using a trigger message nonce;
Sending, by the server, a trigger message to a client;
Extracting, by the client, a trigger message random number;
After the client determines that the trigger message random number is valid, generating a digest using the trigger message random number, and authenticating the trigger message generated using the trigger message random number; And
After the client successfully authenticates, sending a session request including a session ID to the server indicated by the trigger message.
Authentication method comprising a. The method of claim 1,
Before the server performs the step of generating a trigger message using the trigger message random number,
The server generating a trigger message using a server nonce;
Sending, by the server, a trigger message generated using a server random number to the client; And
After the server determines that authentication for the trigger message generated using the server random number is successful, generating a trigger message using the trigger message random number. The method according to claim 1 or 2,
The server generating a trigger message using the trigger message random number may include:
The server using the system time of the server as a trigger message random number and including the system time of the server in a trigger message generated using the trigger message random number;
After the client receives the trigger message generated using the trigger message random number, determining whether the trigger message random number is valid by comparing the client's local time with a trigger message random number;
After the client determines that the trigger message random number is valid, generating a digest using the trigger message random number, and authenticating the trigger message generated using the trigger message random number using the digest. Authentication method. The method according to claim 1 or 2,
The server generating a trigger message using the trigger message random number may include:
The server using the session ID of the session triggered by the trigger message as a trigger message random number;
When the client receives a trigger message, authenticating the trigger message using a trigger message random number; And
Sending, by the client, after a successful authentication, a session request requesting setup of a session corresponding to a session ID. The method according to claim 1 or 2,
The server generating a trigger message using the trigger message random number may include:
The server includes the trigger message random number in the message header or message body of the trigger message, generates a digest using the trigger message random number, the message header of the trigger message, and the message body, and generates the generated digest. Generating a trigger message using; or
The server including a trigger message random number in the message header or message body of the trigger message, generating a digest using the message header and the message body of the trigger message, and generating a trigger message using the generated digest. , Authentication method. A first generating unit configured to generate a trigger message that is compatible with a Data Synchronization (DS) protocol or a Device Management (DM) protocol using a trigger message nonce; And
Sending a trigger message generated using the trigger message random number to the client, causing the client to extract the trigger message, and after determining that the trigger message random number is valid, authenticating the trigger message generated using the trigger message random number. A sending unit configured to send a session request to the server indicated by the trigger message after authentication of the trigger message is successful.
Server comprising a. The method of claim 6,
A second generating unit for generating a trigger message using a server nonce and sending the generated trigger message to the client, thereby enabling the client to authenticate the trigger message generated using the server random number; And
And a judging unit for controlling the first generating unit to generate a trigger message using the trigger message random number after it is determined that authentication for the trigger message generated using the server random number is successful. A receiving unit, generated by the server using a trigger message random number, adapted to receive a trigger message that is compatible with a Data Synchronization (DS) protocol or a Device Management (DM) protocol; And
Extracting the trigger message random number, generating a digest using the trigger message random number, after determining that the trigger message random number is valid, authenticating a trigger message generated using the trigger message random number, and after authentication is successful, A first authentication unit, adapted to send a session request to the server indicated by the trigger message
Client comprising a. The method of claim 8,
After receiving the trigger message, a client further comprising a second authentication unit configured to use a server random number to authenticate the trigger message and, if authentication fails, to reauthenticate the trigger message using the trigger message random number. . delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images